Description: In this video, Jesse Varsalone from Offensive Security demonstrates how to hack a Vista box using BackTrack. This demo requires physical access to the Vista box. Jesse boots into BackTrack and mounts the Vista drive in write mode. He then replaces the Windows Utility Manager program, utilman.exe, with cmd.exe (the command shell). It is important to note that utilman.exe is protected by the Windows File Protection (WFP) feature and thus cannot be replaced while Vista is running. Once utilman.exe has been replaced, Jesse boots into Vista. At the login prompt, he presses the Windows key and the "U" key together to launch utilman.exe, which is now our command shell, cmd.exe. This command shell session has SYSTEM-level privileges. We now run the Explorer.exe program to launch the desktop and associated programs.
This demo goes to show how easy it is to subvert security once you have physical access. The original video is available here.
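Because the swap is made offline, it can also be checked offline. The following is an added example, not part of the video or the original page: it examines a mounted Windows volume and reports whether utilman.exe is byte-identical to cmd.exe. The function names, the `SHELL_NAMES` tuple and the sample tree are assumptions made for illustration; a hash match only catches the exact substitution described above.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Assumption: only cmd.exe is named on the page; extend the tuple as needed.
SHELL_NAMES = ("cmd.exe",)

def resolve_ci(root, *parts):
    """Resolve a path case-insensitively (NTFS mounted on Linux is case-sensitive)."""
    current = root
    for part in parts:
        try:
            entries = os.listdir(current)
        except OSError:
            return None
        match = next((e for e in entries if e.lower() == part.lower()), None)
        if match is None:
            return None
        current = os.path.join(current, match)
    return current

def sha256_file(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def check_utilman(mount_root):
    """Return 'missing', 'replaced:<shell>' or 'ok' for the mounted volume."""
    utilman = resolve_ci(mount_root, "Windows", "System32", "utilman.exe")
    if utilman is None:
        return "missing"
    target = sha256_file(utilman)
    for name in SHELL_NAMES:
        shell = resolve_ci(mount_root, "Windows", "System32", name)
        if shell and sha256_file(shell) == target:
            return "replaced:" + name
    return "ok"

def build_sample(replaced):
    """Constructed sample tree standing in for a mounted Vista volume."""
    root = tempfile.mkdtemp()
    sys32 = Path(root, "WINDOWS", "system32")
    sys32.mkdir(parents=True)
    Path(sys32, "cmd.exe").write_bytes(b"MZ constructed cmd body")
    body = b"MZ constructed cmd body" if replaced else b"MZ constructed utilman body"
    Path(sys32, "Utilman.exe").write_bytes(body)
    return root
```

On a real examination, pass the mount point of the Windows volume to `check_utilman` instead of the constructed tree.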
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.